CVE-2019-3702
HIGHLifesize Icon 300/500/700 Firmware - Authenticated Remote Code Execution via DNS Query Address Field
Title source: llmDescription
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LS_RM3_3.7.0 (2421) allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request.
References (3)
Core 3
Core References
Not Applicable x_refsource_misc
https://www.sva.de/solutions/it-security.html
Product, Vendor Advisory x_refsource_misc
https://www.lifesize.com/en/video-conferencing-cameras
Exploit, Third Party Advisory x_refsource_misc
https://atomic111.github.io/article/lifesize-icon-remote-code-execution
Scores
CVSS v3
8.8
EPSS
0.0530
EPSS Percentile
91.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (3)
lifesize/icon_300_firmware
ls_rm3_3.7.0\(2421\)
lifesize/icon_500_firmware
ls_rm3_3.7.0\(2421\)
lifesize/icon_700_firmware
ls_rm3_3.7.0\(2421\)
Published
May 13, 2019
Tracked Since
Feb 18, 2026